NukeCops
Fortress(tm) Extended to Postnuke
Security

I submitted an article to Postnuke News and it was approved (I also re-posted it in their forums). But it was also removed the very next day (today). A discussion is taking place and it hasn't been met with open arms. At any rate, I'll continue coding it for as many PHP based apps as possible. The problem with the Postnuke forums replies states that their current API code prevents XSS and SQL Injections, yet I found so many recently made available in April that prove otherwise.

My quote at the Postnuke forums:
On another note, Fortress(tm) is a proactive application that prevents the issues that even recently are being exploited against Postnuke (not just PHP-Nuke). For instance:

April 28 2004: Multiple Vulnerabilities in PostNuke Phoenix
http://www.securiteam.com/unixfocus/5ZP0Q2ACKO.html
Several Cross-site Scripting (XSS) exploits exist.

April 25 2004: Multiple Vulnerabilities In phProfession Module For PostNuke
http://www.securiteam.com/unixfocus/5YP0L1FCKU.html
Some XSS and even SQL Injections are reported.

And it continues:

PostNuke Cross Site Scripting Vulnerabilities
http://secunia.com/advisories/11466/

I know that most of these Postnuke has already patched, but it just doesn't make sense to wait for these to be found and then patch them.

That is why Fortress(tm) has been created to be proactive against these attacks, and stops them too.

I'll continue building it, and if you use it that will simply mean you can sleep at night.

I would hope the Postnuke community would open themselves to proactive measures of security.
Posted on Tuesday, May 25 @ 14:32:16 CEST by Zhen-Xjell
 

Re: Fortress(tm) Extended to Postnuke (Score: 1)
by valkster on Tuesday, May 25 @ 15:06:04 CEST
http://zamboozle.com
Please continue development on this Fortress fork. I run 2 PHPnuke, 1 MD-PRO (Fork of Postnuke), and 1 Mambo 4.5 site. Hopefully PNFortress will work out of the box with MD-PRO, if not some very small tweaking to make it so. Also creating something like this for Mambo would be huge. They have a VERY strong following now. Announce a Mambo version on www.mamboportal.com and see what kind of response you receive.



Re: Fortress(tm) Extended to Postnuke (Score: 1)
by BigBoy on Tuesday, May 25 @ 16:20:38 CEST
If I were in your place I wouldn't look into Postnuke anymore. You do give very good protection & very good work & they probably deleted your posts because they are worried about losing customers or their reputation, or probably to prevent teaching hackers a few ideas.
They should keep your post on their main webpage so the users can be updated.

Anyway, you are the best & PHP-Nuke & NukeCops will always be the best.. God bless :)



Re: Fortress(tm) Extended to Postnuke (Score: 1)
by Imagination on Tuesday, May 25 @ 17:19:22 CEST
I suppose the reason why they may have deleted them is exactly the reason they have pre-coded protection in. I've always maintained the opinion that Postnuke is very tightly knitted within its own coding team. From the opinions I've gotten from both using it a few times and using their forums, I find they prefer to have it within the system already or not at all .... If their release rate was that of phpnuke's then maybe that would be fine, but unfortunately it's not. Fortress, I'm sure, will continue on ... so when do xoops and e107 get it patched in? :P



Re: Fortress(tm) Extended to Postnuke (Score: 1)
by jstudley on Tuesday, May 25 @ 21:30:42 CEST
http://www.brokensoapbox.com
I would vote that you stop dev for PN, and let them tank. It's long overdue.

thanks,
json



Re: Fortress(tm) Extended to Postnuke (Score: 1)
by larsneo on Wednesday, May 26 @ 04:00:15 CEST
>> But it was also removed the very next day (today).
first of all: the article is still online: http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2599 - it's just not a front page story anymore.

>> it hasn't been met with open arms.
as said in the discussion the postnuke development team appreciates any helpful work (especially related to security) - but your code is neither tested within the postnuke framework nor does it follow the API and especially the coding guidelines of our application. there are various ongoing efforts in improving the overall security (especially with better typecasting) so maybe the docs will help you to improve your application.

regards from germany
larsneo, pnDevelopment



Re: Fortress(tm) Extended to Postnuke (Score: 1)
by foxyfemfem on Wednesday, May 26 @ 04:59:44 CEST
Oh well, if PN does not care to utilize Fortress that's their loss. Don't be surprised if Fortress is forked by them ... LOL ... I use Fortress on all of my php programs. That's the beauty of Fortress, it's not only used for phpnuke, it also works as a standalone for any php program. Thanks ZX, now I feel a lot better knowing all of my php programs have Fortress embedded.


Nuke Cops founded by Paul Laudanski (Zhen-Xjell)